Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains; Two Other Chains Also Notifying Customers
Brian Krebs reports:
Two financial industry sources who track payment card fraud and asked to remain anonymous for this story said the four million cards were taken in breaches recently disclosed by restaurant chains Krystal, Moe’s, McAlister’s Deli and Schlotzsky’s. Krystal announced a card breach last month. The other three restaurants are all part of the same parent company and disclosed breaches in August 2019.
KrebsOnSecurity heard the same conclusion from Gemini Advisory, a New York-based fraud intelligence company.
“Gemini found that the four breached restaurants, ranked from most to least affected, were Krystal, Moe’s, McAlister’s and Schlotzsky’s,” Gemini wrote in an analysis of the New World Order batch shared with this author.
Read more on KrebsOnSecurity.
In other news involving the hospitality sector, the DiBella’s Subs chain is also notifying customers of a breach in 2018.
DiBella’s Subs issued a statement on its website in which it said customers who visited stores in Connecticut, Indiana, Michigan, Ohio, New York and Pennsylvania may be affected.
The information stolen may have included names, payment card numbers, expiration dates and CVV numbers.
WSFB reports that more than 300,000 payment cards may be impacted, but the chain is unable to determine exactly whose data may have been compromised.
And if that wasn’t enough bad news for you from the hospitality sector, DarkReading reports that On the Border is notifying customers in 28 states of a malware incident in August:
On the Border, a border-style Mexican food chain known for “chips as big as your head,” has given notice of a data breach in a payment-processing system serving restaurants in 28 states. The company says that some customer credit card information could have been compromised on visits between April 10 and August 10, 2019.
Read more on DarkReading.